It still says 400, Bad Request.( This part we have already covered in the Responses Chapter under Status codes and their meaning). Press Send and see the response box and status code. Note: We are using the username as postman and password as password Enter the following key-value pairs in Header.We will follow these steps to check whether we can access the same API we used above or not Checking authorization using credentials These username and password values should be encoded with Base64 otherwise the server won't be able to recognize it. While using basic authentication we add the word Basic before entering the username and password. The username and password are sent as header values in the Authorization header. It requires just a username and password for checking the authorization of any person ( That is why we say basic access authentication). Basic Access Authentication / HTTP Basic AuthenticationĪ Basic Access Authentication is the most simple and basic type of authorization available. Let us see the different types of Authentication available to us. Authorization plays a very important role in deciding the accesses and tightening the security. Maybe a person changes the data for money or a person can leak the data to another company. There are numerous reasons possible for the same. If I allow an intern to access my database APIs then inadvertently he can change the data and that data can be lost forever which can come as a cost to the company. This is because it can lead to possible security breaches. In the last section, we discussed that a resource owner does not allow access to the resources to everyone in the company. Later in the tutorial, we will try to access the same API using the credentials as we discussed in the last section. The status code and response from the server indicate that we are not authorized to access the API we are trying to access( See Responses tutorial to learn more**). Note: The status code is 401 which corresponds to unauthorized access and the response message says Unauthorized. Create a GET request and enter the endpoint as.Authorization using Postman Checking Authorizationįor this chapter, we will be using the endpoint We will see the following short example to tell you how does a server rejects an unauthorized person. If you have access to the resource, then you will be granted access to the resource (Authorized). If it is, you are good to go (Authentication). When a person accesses the server with the key/password, the server checks whether the person is available in the directory and is also associated with the same key/password. So in layman terms Authentication tells who you are while Authorization tells what you can do. Whereas Authorization is a process of allowing or denying someone from accessing something, once Authentication is done. Here system can be anything, it can be a computer, phone, bank or any physical office premises. This enables the system to ensure and confirm a user’s identity. These credentials tell the system about who you are. In this section, we will clear the confusion about these two terms.Īuthentication is a process of presenting your credentials to the system and the system validating your credentials. These two terms can also be confusing at first. Authorization Vs AuthenticationĪuthorization and Authentication are two closely related terms. Only authorized people can access the secured APIs. It is not necessary that everyone will have access to all the APIs. Similarly, while there could be many APIs in a company or a project. You and your sister can open the same mobile phone, which means only you and your sister are authorized to open the phone and see the data. For example, let us say you have added your and your sister's fingerprint to your phone. If the answer is No, we can say that we are not Authorized to access the resource. The meaning of authorization can be seen as a question which is, are we eligible to access a secured resource on the Server? If the answer is yes, then in technical terms we can say that we are Authorized to access the resource.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |